<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
                      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
    <title>Zend_OpenId_Consumer Basics - Zend Framework Manual</title>

    <link href="../css/shCore.css" rel="stylesheet" type="text/css" />
    <link href="../css/shThemeDefault.css" rel="stylesheet" type="text/css" />
    <link href="../css/styles.css" media="all" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Zend Framework</h1>
<h2>Programmer's Reference Guide</h2>
<ul>
    <li><a href="../en/zend.openid.consumer.html">Inglês (English)</a></li>
    <li><a href="../pt-br/zend.openid.consumer.html">Português Brasileiro (Brazilian Portuguese)</a></li>
</ul>
<table width="100%">
    <tr valign="top">
        <td width="85%">
            <table width="100%">
                <tr>
                    <td width="25%" style="text-align: left;">
                    <a href="zend.openid.introduction.html">Introduction</a>
                    </td>

                    <td width="50%" style="text-align: center;">
                        <div class="up"><span class="up"><a href="zend.openid.html">Zend_OpenId</a></span><br />
                        <span class="home"><a href="manual.html">Programmer's Reference Guide</a></span></div>
                    </td>

                    <td width="25%" style="text-align: right;">
                        <div class="next" style="text-align: right; float: right;"><a href="zend.openid.provider.html">Zend_OpenId_Provider</a></div>
                    </td>
                </tr>
            </table>
<hr />
<div id="zend.openid.consumer" class="section"><div class="info"><h1 class="title">Zend_OpenId_Consumer Basics</h1></div>
    

    <p class="para">
        <span class="classname">Zend_OpenId_Consumer</span> can be used to implement OpenID
        authentication for web sites.
    </p>

    <div class="section" id="zend.openid.consumer.authentication"><div class="info"><h1 class="title">OpenID Authentication</h1></div>
        

        <p class="para">
            From a web site developer&#039;s point of view, the OpenID authentication
            process consists of three steps:
        </p>

        <ol type="1">
            <li class="listitem">
                <p class="para">
                    Show OpenID authentication form
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    Accept OpenID identity and pass it to the OpenID provider
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    Verify response from the OpenID provider
                </p>
            </li>
        </ol>

        <p class="para">
            The OpenID authentication protocol actually requires more
            steps, but many of them are encapsulated inside
            <span class="classname">Zend_OpenId_Consumer</span> and are therefore transparent to the
            developer.
        </p>

        <p class="para">
            The end user initiates the OpenID authentication process by
            submitting his or her identification credentials with the appropriate form.
            The following example shows a simple form that accepts an OpenID
            identifier. Note that the example only demonstrates a login.
        </p>

        <div class="example" id="zend.openid.consumer.example-1"><div class="info"><p><b>Example #1 The Simple OpenID Login form</b></p></div>
            

            <pre class="programlisting brush: php">
&lt;html&gt;&lt;body&gt;
&lt;form method=&quot;post&quot; action=&quot;example-1_2.php&quot;&gt;&lt;fieldset&gt;
&lt;legend&gt;OpenID Login&lt;/legend&gt;
&lt;input type=&quot;text&quot; name=&quot;openid_identifier&quot;&gt;
&lt;input type=&quot;submit&quot; name=&quot;openid_action&quot; value=&quot;login&quot;&gt;
&lt;/fieldset&gt;&lt;/form&gt;&lt;/body&gt;&lt;/html&gt;
</pre>

        </div>

        <p class="para">
            This form passes the OpenID identity on submission to the following
            <acronym class="acronym">PHP</acronym> script that performs the second step of authentication. The
            <acronym class="acronym">PHP</acronym> script need only call the
             <span class="methodname">Zend_OpenId_Consumer::login()</span> method in this step. The first
            argument of this method is an accepted OpenID identity, and the second is the
            <acronym class="acronym">URL</acronym> of a script that handles the third and last step of
            authentication.
        </p>

        <div class="example" id="zend.openid.consumer.example-1_2"><div class="info"><p><b>Example #2 The Authentication Request Handler</b></p></div>
            

            <pre class="programlisting brush: php">
$consumer = new Zend_OpenId_Consumer();
if (!$consumer-&gt;login($_POST[&#039;openid_identifier&#039;], &#039;example-1_3.php&#039;)) {
    die(&quot;OpenID login failed.&quot;);
}
</pre>

        </div>

        <p class="para">
            The  <span class="methodname">Zend_OpenId_Consumer::login()</span> method performs discovery on
            a given identifier, and, if successful, obtains the address of the identity
            provider and its local identifier. It then creates an association to the
            given provider so that both the site and provider share a secret
            that is used to sign the subsequent messages. Finally, it passes an
            authentication request to the provider. This request redirects the
            end user&#039;s web browser to an OpenID server site, where the user can
            continue the authentication process.
        </p>

        <p class="para">
            An OpenID provider usually asks users for their password (if they
            weren&#039;t previously logged-in), whether the user trusts this site and what
            information may be returned to the site. These interactions are not
            visible to the OpenID consumer, so it can not obtain the
            user&#039;s password or other information that the user did not has not directed the
            OpenID provider to share with it.
        </p>

        <p class="para">
            On success,  <span class="methodname">Zend_OpenId_Consumer::login()</span> does not
            return, instead performing an <acronym class="acronym">HTTP</acronym> redirection. However, if there is
            an error it may return <b><tt>FALSE</tt></b>. Errors may occur due to an invalid
            identity, unresponsive provider, communication error, etc.
        </p>

        <p class="para">
            The third step of authentication is initiated by the response from the
            OpenID provider, after it has authenticated the user&#039;s password.
            This response is passed indirectly, as an <acronym class="acronym">HTTP</acronym> redirection using the
            end user&#039;s web browser. The consumer must now simply check
            that this response is valid.
        </p>

        <div class="example" id="zend.openid.consumer.example-1_3"><div class="info"><p><b>Example #3 The Authentication Response Verifier</b></p></div>
            

            <pre class="programlisting brush: php">
$consumer = new Zend_OpenId_Consumer();
if ($consumer-&gt;verify($_GET, $id)) {
    echo &quot;VALID &quot; . htmlspecialchars($id);
} else {
    echo &quot;INVALID &quot; . htmlspecialchars($id);
}
</pre>

        </div>

        <p class="para">
            This check is performed using the <span class="classname">Zend_OpenId_Consumer::verify</span>
            method, which takes an array of
            the <acronym class="acronym">HTTP</acronym> request&#039;s arguments and checks that this response is
            properly signed by the OpenID provider. It may assign
            the claimed OpenID identity that was entered by end user in the
            first step using a second, optional argument.
        </p>
    </div>

    <div class="section" id="zend.openid.consumer.combine"><div class="info"><h1 class="title">Combining all Steps in One Page</h1></div>
        

        <p class="para">
            The following example combines all three steps in one script. It doesn&#039;t
            provide any new functionality. The advantage of using just one script is that
            the developer need not specify <acronym class="acronym">URL</acronym>&#039;s for a script to handle the next
            step. By default, all steps use the same <acronym class="acronym">URL</acronym>. However, the script now
            includes some dispatch code to execute the appropriate code for each step of
            authentication.
        </p>

        <div class="example" id="zend.openid.consumer.example-2"><div class="info"><p><b>Example #4 The Complete OpenID Login Script</b></p></div>
            

            <pre class="programlisting brush: php">
&lt;?php
$status = &quot;&quot;;
if (isset($_POST[&#039;openid_action&#039;]) &amp;&amp;
    $_POST[&#039;openid_action&#039;] == &quot;login&quot; &amp;&amp;
    !empty($_POST[&#039;openid_identifier&#039;])) {

    $consumer = new Zend_OpenId_Consumer();
    if (!$consumer-&gt;login($_POST[&#039;openid_identifier&#039;])) {
        $status = &quot;OpenID login failed.&quot;;
    }
} else if (isset($_GET[&#039;openid_mode&#039;])) {
    if ($_GET[&#039;openid_mode&#039;] == &quot;id_res&quot;) {
        $consumer = new Zend_OpenId_Consumer();
        if ($consumer-&gt;verify($_GET, $id)) {
            $status = &quot;VALID &quot; . htmlspecialchars($id);
        } else {
            $status = &quot;INVALID &quot; . htmlspecialchars($id);
        }
    } else if ($_GET[&#039;openid_mode&#039;] == &quot;cancel&quot;) {
        $status = &quot;CANCELLED&quot;;
    }
}
?&gt;
&lt;html&gt;&lt;body&gt;
&lt;?php echo &quot;$status&lt;br&gt;&quot; ?&gt;
&lt;form method=&quot;post&quot;&gt;
&lt;fieldset&gt;
&lt;legend&gt;OpenID Login&lt;/legend&gt;
&lt;input type=&quot;text&quot; name=&quot;openid_identifier&quot; value=&quot;&quot;/&gt;
&lt;input type=&quot;submit&quot; name=&quot;openid_action&quot; value=&quot;login&quot;/&gt;
&lt;/fieldset&gt;
&lt;/form&gt;
&lt;/body&gt;&lt;/html&gt;
</pre>

        </div>

        <p class="para">
            In addition, this code differentiates between cancelled and invalid
            authentication responses. The provider returns a cancelled response
            if the identity provider is not aware of the supplied identity, the user
            is not logged in, or the user doesn&#039;t trust the site. An invalid response indicates
            that the response is not conformant to the OpenID protocol or is incorrectly signed.
        </p>
    </div>

    <div class="section" id="zend.openid.consumer.realm"><div class="info"><h1 class="title">Consumer Realm</h1></div>
        

        <p class="para">
            When an OpenID-enabled site passes authentication requests to a
            provider, it identifies itself with a realm <acronym class="acronym">URL</acronym>. This
            <acronym class="acronym">URL</acronym> may be considered a root of a trusted site. If the user trusts
            the realm <acronym class="acronym">URL</acronym>, he or she should also trust matched and subsequent
            <acronym class="acronym">URL</acronym>s.
        </p>

        <p class="para">
            By default, the realm <acronym class="acronym">URL</acronym> is automatically set to the
            <acronym class="acronym">URL</acronym> of the directory in which the login script resides. This default
            value is useful for most, but not all, cases. Sometimes an entire domain, and not a
            directory should be trusted. Or even a combination of several servers in one domain.
        </p>

        <p class="para">
            To override the default value, developers may pass the realm <acronym class="acronym">URL</acronym> as a
            third argument to the <span class="classname">Zend_OpenId_Consumer::login</span> method. In
            the following example, a single interaction asks for trusted access to
            all php.net sites.
        </p>

        <div class="example" id="zend.openid.consumer.example-3_2"><div class="info"><p><b>Example #5 Authentication Request for Specified Realm</b></p></div>
            

            <pre class="programlisting brush: php">
$consumer = new Zend_OpenId_Consumer();
if (!$consumer-&gt;login($_POST[&#039;openid_identifier&#039;],
                      &#039;example-3_3.php&#039;,
                      &#039;http://*.php.net/&#039;)) {
    die(&quot;OpenID login failed.&quot;);
}
</pre>

        </div>

        <p class="para">
            This example implements only the second step of authentication;
            the first and third steps are similar to the examples above.
        </p>
    </div>

    <div class="section" id="zend.openid.consumer.check"><div class="info"><h1 class="title">Immediate Check</h1></div>
        

        <p class="para">
            In some cases, an application need only check if a user is already
            logged in to a trusted OpenID server without any interaction with the
            user. The <span class="classname">Zend_OpenId_Consumer::check</span> method does precisely
            that. It is executed with the same arguments as
            <span class="classname">Zend_OpenId_Consumer::login</span>, but it doesn&#039;t display any
            OpenID server pages to the user. From the users point of view this process is
            transparent, and it appears as though they never left the site. The third step
            succeeds if the user is already logged in and trusted by the site, otherwise
            it will fail.
        </p>

        <div class="example" id="zend.openid.consumer.example-4"><div class="info"><p><b>Example #6 Immediate Check without Interaction</b></p></div>
            

            <pre class="programlisting brush: php">
$consumer = new Zend_OpenId_Consumer();
if (!$consumer-&gt;check($_POST[&#039;openid_identifier&#039;], &#039;example-4_3.php&#039;)) {
    die(&quot;OpenID login failed.&quot;);
}
</pre>

        </div>

        <p class="para">
            This example implements only the second step of authentication;
            the first and third steps are similar to the examples above.
        </p>
    </div>

    <div class="section" id="zend.openid.consumer.storage"><div class="info"><h1 class="title">Zend_OpenId_Consumer_Storage</h1></div>
        

        <p class="para">
            There are three steps in the OpenID authentication procedure, and each
            step is performed by a separate <acronym class="acronym">HTTP</acronym> request. To store information
            between requests, <span class="classname">Zend_OpenId_Consumer</span> uses internal storage.
        </p>

        <p class="para">
            Developers do not necessarily have to be aware of this storage because by default
            <span class="classname">Zend_OpenId_Consumer</span> uses file-based storage under the temporary
            directory- similar to <acronym class="acronym">PHP</acronym> sessions. However, this storage may be not
            suitable in all cases. Some developers may want to store information in a database,
            while others may need to use common storage suitable for server farms. Fortunately,
            developers may easily replace the default storage with their own. To specify a custom
            storage mechanism, one need only extend the
            <span class="classname">Zend_OpenId_Consumer_Storage</span> class and pass this subclass to the
            <span class="classname">Zend_OpenId_Consumer</span> constructor in the first argument.
        </p>

        <p class="para">
            The following example demonstrates a simple storage mechanism that uses
            <span class="classname">Zend_Db</span> as its backend and exposes three groups of functions.
            The first group contains functions for working with associations, while the second group
            caches discovery information, and the third group can be used to check whether a
            response is unique. This class can easily be used with existing or new databases; if the
            required tables don&#039;t exist, it will create them.
        </p>

        <div class="example" id="zend.openid.consumer.example-5"><div class="info"><p><b>Example #7 Database Storage</b></p></div>
            

            <pre class="programlisting brush: php">
class DbStorage extends Zend_OpenId_Consumer_Storage
{
    private $_db;
    private $_association_table;
    private $_discovery_table;
    private $_nonce_table;

    // Pass in the Zend_Db_Adapter object and the names of the
    // required tables
    public function __construct($db,
                                $association_table = &quot;association&quot;,
                                $discovery_table = &quot;discovery&quot;,
                                $nonce_table = &quot;nonce&quot;)
    {
        $this-&gt;_db = $db;
        $this-&gt;_association_table = $association_table;
        $this-&gt;_discovery_table = $discovery_table;
        $this-&gt;_nonce_table = $nonce_table;
        $tables = $this-&gt;_db-&gt;listTables();

        // If the associations table doesn&#039;t exist, create it
        if (!in_array($association_table, $tables)) {
            $this-&gt;_db-&gt;getConnection()-&gt;exec(
                &quot;create table $association_table (&quot; .
                &quot; url     varchar(256) not null primary key,&quot; .
                &quot; handle  varchar(256) not null,&quot; .
                &quot; macFunc char(16) not null,&quot; .
                &quot; secret  varchar(256) not null,&quot; .
                &quot; expires timestamp&quot; .
                &quot;)&quot;);
        }

        // If the discovery table doesn&#039;t exist, create it
        if (!in_array($discovery_table, $tables)) {
            $this-&gt;_db-&gt;getConnection()-&gt;exec(
                &quot;create table $discovery_table (&quot; .
                &quot; id      varchar(256) not null primary key,&quot; .
                &quot; realId  varchar(256) not null,&quot; .
                &quot; server  varchar(256) not null,&quot; .
                &quot; version float,&quot; .
                &quot; expires timestamp&quot; .
                &quot;)&quot;);
        }

        // If the nonce table doesn&#039;t exist, create it
        if (!in_array($nonce_table, $tables)) {
            $this-&gt;_db-&gt;getConnection()-&gt;exec(
                &quot;create table $nonce_table (&quot; .
                &quot; nonce   varchar(256) not null primary key,&quot; .
                &quot; created timestamp default current_timestamp&quot; .
                &quot;)&quot;);
        }
    }

    public function addAssociation($url,
                                   $handle,
                                   $macFunc,
                                   $secret,
                                   $expires)
    {
        $table = $this-&gt;_association_table;
        $secret = base64_encode($secret);
        $this-&gt;_db-&gt;insert($table, array(
            &#039;url&#039;     =&gt; $url,
            &#039;handle&#039;  =&gt; $handle,
            &#039;macFunc&#039; =&gt; $macFunc,
            &#039;secret&#039;  =&gt; $secret,
            &#039;expires&#039; =&gt; $expires,
        ));
        return true;
    }

    public function getAssociation($url,
                                   &amp;$handle,
                                   &amp;$macFunc,
                                   &amp;$secret,
                                   &amp;$expires)
    {
        $table = $this-&gt;_association_table;
        $this-&gt;_db-&gt;delete(
            $table, $this-&gt;_db-&gt;quoteInto(&#039;expires &lt; ?&#039;, time())
        );
        $select = $this-_db-&gt;select()
                -&gt;from($table, array(&#039;handle&#039;, &#039;macFunc&#039;, &#039;secret&#039;, &#039;expires&#039;))
                -&gt;where(&#039;url = ?&#039;, $url);
        $res = $this-&gt;_db-&gt;fetchRow($select);

        if (is_array($res)) {
            $handle  = $res[&#039;handle&#039;];
            $macFunc = $res[&#039;macFunc&#039;];
            $secret  = base64_decode($res[&#039;secret&#039;]);
            $expires = $res[&#039;expires&#039;];
            return true;
        }
        return false;
    }

    public function getAssociationByHandle($handle,
                                           &amp;$url,
                                           &amp;$macFunc,
                                           &amp;$secret,
                                           &amp;$expires)
    {
        $table = $this-&gt;_association_table;
        $this-&gt;_db-&gt;delete(
            $table, $this-&gt;_db-&gt;quoteInto(&#039;expires &lt; &#039;, time())
        );
        $select = $this-&gt;_db-&gt;select()
                -&gt;from($table, array(&#039;url&#039;, &#039;macFunc&#039;, &#039;secret&#039;, &#039;expires&#039;)
                -&gt;where(&#039;handle = ?&#039;, $handle);
        $res = $select-&gt;fetchRow($select);

        if (is_array($res)) {
            $url     = $res[&#039;url&#039;];
            $macFunc = $res[&#039;macFunc&#039;];
            $secret  = base64_decode($res[&#039;secret&#039;]);
            $expires = $res[&#039;expires&#039;];
            return true;
        }
        return false;
    }

    public function delAssociation($url)
    {
        $table = $this-&gt;_association_table;
        $this-&gt;_db-&gt;query(&quot;delete from $table where url = &#039;$url&#039;&quot;);
        return true;
    }

    public function addDiscoveryInfo($id,
                                     $realId,
                                     $server,
                                     $version,
                                     $expires)
    {
        $table = $this-&gt;_discovery_table;
        $this-&gt;_db-&gt;insert($table, array(
            &#039;id&#039;      =&gt; $id,
            &#039;realId&#039;  =&gt; $realId,
            &#039;server&#039;  =&gt; $server,
            &#039;version&#039; =&gt; $version,
            &#039;expires&#039; =&gt; $expires,
        ));

        return true;
    }

    public function getDiscoveryInfo($id,
                                     &amp;$realId,
                                     &amp;$server,
                                     &amp;$version,
                                     &amp;$expires)
    {
        $table = $this-&gt;_discovery_table;
        $this-&gt;_db-&gt;delete($table, $this-&gt;quoteInto(&#039;expires &lt; ?&#039;, time()));
        $select = $this-&gt;_db-&gt;select()
                -&gt;from($table, array(&#039;realId&#039;, &#039;server&#039;, &#039;version&#039;, &#039;expires&#039;))
                -&gt;where(&#039;id = ?&#039;, $id);
        $res = $this-&gt;_db-&gt;fetchRow($select);

        if (is_array($res)) {
            $realId  = $res[&#039;realId&#039;];
            $server  = $res[&#039;server&#039;];
            $version = $res[&#039;version&#039;];
            $expires = $res[&#039;expires&#039;];
            return true;
        }
        return false;
    }

    public function delDiscoveryInfo($id)
    {
        $table = $this-&gt;_discovery_table;
        $this-&gt;_db-&gt;delete($table, $this-&gt;_db-&gt;quoteInto(&#039;id = ?&#039;, $id));
        return true;
    }

    public function isUniqueNonce($nonce)
    {
        $table = $this-&gt;_nonce_table;
        try {
            $ret = $this-&gt;_db-&gt;insert($table, array(
                &#039;nonce&#039; =&gt; $nonce,
            ));
        } catch (Zend_Db_Statement_Exception $e) {
            return false;
        }
        return true;
    }

    public function purgeNonces($date=null)
    {
    }
}

$db = Zend_Db::factory(&#039;Pdo_Sqlite&#039;,
    array(&#039;dbname&#039;=&gt;&#039;/tmp/openid_consumer.db&#039;));
$storage = new DbStorage($db);
$consumer = new Zend_OpenId_Consumer($storage);
</pre>

        </div>

        <p class="para">
            This example doesn&#039;t list the OpenID authentication code itself, but this
            code would be the same as that for other examples in this chapter.
            examples.
        </p>
    </div>

    <div class="section" id="zend.openid.consumer.sreg"><div class="info"><h1 class="title">Simple Registration Extension</h1></div>
        

        <p class="para">
            In addition to authentication, the OpenID standard can be used for
            lightweight profile exchange to make information about a user portable across multiple
            sites. This feature is not covered by the OpenID authentication specification, but by
            the OpenID Simple Registration Extension protocol. This protocol allows OpenID-enabled
            sites to ask for information about end users from OpenID providers. Such information may
            include:
        </p>

        <ul class="itemizedlist">
            <li class="listitem">
                <p class="para">
                    <em class="emphasis">nickname</em>
                    - any UTF-8 string that the end user uses as a nickname
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    <em class="emphasis">email</em>
                    - the email address of the user as specified in section 3.4.1
                    of RFC2822
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    <em class="emphasis">fullname</em>
                    - a UTF-8 string representation of the user&#039;s full name
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    <em class="emphasis">dob</em>
                    - the user&#039;s date of birth in the format &#039;YYYY-MM-DD&#039;. Any values whose
                    representation uses fewer than the specified number of digits in this format
                    should be zero-padded. In other words, the length of this value must always be
                    10. If the end user does not want to reveal any particular
                    part of this value (i.e., year, month or day), it must be set to zero. For
                    example, if the user wants to specify that his date of birth falls in 1980,
                    but not specify the month or day, the value returned should be &#039;1980-00-00&#039;.
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    <em class="emphasis">gender</em>
                    - the user&#039;s gender: &quot;M&quot; for male, &quot;F&quot; for female
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    <em class="emphasis">postcode</em>
                    - a UTF-8 string that conforms to the postal system of the user&#039;s country
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    <em class="emphasis">country</em>
                    - the user&#039;s country of residence as specified by ISO3166
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    <em class="emphasis">language</em>
                    - the user&#039;s preferred language as specified by ISO639
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    <em class="emphasis">timezone</em>
                    - an <acronym class="acronym">ASCII</acronym> string from a TimeZone database. For example,
                    &quot;Europe/Paris&quot; or &quot;America/Los_Angeles&quot;.
                </p>
            </li>
        </ul>

        <p class="para">
            An OpenID-enabled web site may ask for any combination of these
            fields. It may also strictly require some information and allow users
            to provide or hide additional information. The following example instantiates
            the <span class="classname">Zend_OpenId_Extension_Sreg</span> class, requiring
            a <em class="emphasis">nickname</em> and optionally requests
            an <em class="emphasis">email</em> and a <em class="emphasis">fullname</em>.
        </p>

        <div class="example" id="zend.openid.consumer.example-6_2"><div class="info"><p><b>Example #8 Sending Requests with a Simple Registration Extension</b></p></div>
            

            <pre class="programlisting brush: php">
$sreg = new Zend_OpenId_Extension_Sreg(array(
    &#039;nickname&#039;=&gt;true,
    &#039;email&#039;=&gt;false,
    &#039;fullname&#039;=&gt;false), null, 1.1);
$consumer = new Zend_OpenId_Consumer();
if (!$consumer-&gt;login($_POST[&#039;openid_identifier&#039;],
                      &#039;example-6_3.php&#039;,
                      null,
                      $sreg)) {
    die(&quot;OpenID login failed.&quot;);
}
</pre>

        </div>

        <p class="para">
            As you can see, the <span class="classname">Zend_OpenId_Extension_Sreg</span>
            constructor accepts an array of OpenID fields. This array has the names of
            fields as indexes to a flag indicating whether the field is required;
            <b><tt>TRUE</tt></b> means the field is required and
            <b><tt>FALSE</tt></b> means the field is optional. The
            <span class="classname">Zend_OpenId_Consumer::login</span> method accepts an extension or an
            array of extensions as its fourth argument.
        </p>

        <p class="para">
            On the third step of authentication, the
            <span class="classname">Zend_OpenId_Extension_Sreg</span> object should be passed to
            <span class="classname">Zend_OpenId_Consumer::verify</span>. Then on successful authentication
            the <span class="classname">Zend_OpenId_Extension_Sreg::getProperties</span> method will return
            an associative array of requested fields.
        </p>

        <div class="example" id="zend.openid.consumer.example-6_3"><div class="info"><p><b>Example #9 Verifying Responses with a Simple Registration Extension</b></p></div>
            

            <pre class="programlisting brush: php">
$sreg = new Zend_OpenId_Extension_Sreg(array(
    &#039;nickname&#039;=&gt;true,
    &#039;email&#039;=&gt;false,
    &#039;fullname&#039;=&gt;false), null, 1.1);
$consumer = new Zend_OpenId_Consumer();
if ($consumer-&gt;verify($_GET, $id, $sreg)) {
    echo &quot;VALID &quot; . htmlspecialchars($id) .&quot;&lt;br&gt;\n&quot;;
    $data = $sreg-&gt;getProperties();
    if (isset($data[&#039;nickname&#039;])) {
        echo &quot;nickname: &quot; . htmlspecialchars($data[&#039;nickname&#039;]) . &quot;&lt;br&gt;\n&quot;;
    }
    if (isset($data[&#039;email&#039;])) {
        echo &quot;email: &quot; . htmlspecialchars($data[&#039;email&#039;]) . &quot;&lt;br&gt;\n&quot;;
    }
    if (isset($data[&#039;fullname&#039;])) {
        echo &quot;fullname: &quot; . htmlspecialchars($data[&#039;fullname&#039;]) . &quot;&lt;br&gt;\n&quot;;
    }
} else {
    echo &quot;INVALID &quot; . htmlspecialchars($id);
}
</pre>

        </div>

        <p class="para">
            If the <span class="classname">Zend_OpenId_Extension_Sreg</span> object was created without any
            arguments, the user code should check for the existence of the required
            data itself. However, if the object is created with the same list of
            required fields as on the second step, it will automatically check for the existence
            of required data. In this case, <span class="classname">Zend_OpenId_Consumer::verify</span>
            will return <b><tt>FALSE</tt></b> if any of the required fields are
            missing.
        </p>

        <p class="para">
            <span class="classname">Zend_OpenId_Extension_Sreg</span> uses version
            1.0 by default, because the specification for version 1.1 is not yet finalized.
            However, some libraries don&#039;t fully support version 1.0. For example,
            www.myopenid.com requires an SREG namespace in requests which is only
            available in 1.1. To work with such a server, you must explicitly set the version to
            1.1 in the <span class="classname">Zend_OpenId_Extension_Sreg</span> constructor.
        </p>

        <p class="para">
            The second argument of the <span class="classname">Zend_OpenId_Extension_Sreg</span>
            constructor is a policy <acronym class="acronym">URL</acronym>, that should be provided to the user by
            the identity provider.
        </p>
    </div>

    <div class="section" id="zend.openid.consumer.auth"><div class="info"><h1 class="title">Integration with Zend_Auth</h1></div>
        

        <p class="para">
            Zend Framework provides a special class to support user
            authentication: <span class="classname">Zend_Auth</span>. This class can be used together
            with <span class="classname">Zend_OpenId_Consumer</span>. The following example shows how
            <span class="classname">OpenIdAdapter</span> implements
            the <span class="classname">Zend_Auth_Adapter_Interface</span> with the
             <span class="methodname">authenticate()</span> method. This performs an authentication query
            and verification.
        </p>

        <p class="para">
            The big difference between this adapter and existing ones, is that
            it works on two <acronym class="acronym">HTTP</acronym> requests and includes a dispatch code to perform
            the second or third step of OpenID authentication.
        </p>

        <div class="example" id="zend.openid.consumer.example-7"><div class="info"><p><b>Example #10 Zend_Auth Adapter for OpenID</b></p></div>
            

            <pre class="programlisting brush: php">
&lt;?php
class OpenIdAdapter implements Zend_Auth_Adapter_Interface {
    private $_id = null;

    public function __construct($id = null) {
        $this-&gt;_id = $id;
    }

    public function authenticate() {
        $id = $this-&gt;_id;
        if (!empty($id)) {
            $consumer = new Zend_OpenId_Consumer();
            if (!$consumer-&gt;login($id)) {
                $ret = false;
                $msg = &quot;Authentication failed.&quot;;
            }
        } else {
            $consumer = new Zend_OpenId_Consumer();
            if ($consumer-&gt;verify($_GET, $id)) {
                $ret = true;
                $msg = &quot;Authentication successful&quot;;
            } else {
                $ret = false;
                $msg = &quot;Authentication failed&quot;;
            }
        }
        return new Zend_Auth_Result($ret, $id, array($msg));
    }
}

$status = &quot;&quot;;
$auth = Zend_Auth::getInstance();
if ((isset($_POST[&#039;openid_action&#039;]) &amp;&amp;
     $_POST[&#039;openid_action&#039;] == &quot;login&quot; &amp;&amp;
     !empty($_POST[&#039;openid_identifier&#039;])) ||
    isset($_GET[&#039;openid_mode&#039;])) {
    $adapter = new OpenIdAdapter(@$_POST[&#039;openid_identifier&#039;]);
    $result = $auth-&gt;authenticate($adapter);
    if ($result-&gt;isValid()) {
        Zend_OpenId::redirect(Zend_OpenId::selfURL());
    } else {
        $auth-&gt;clearIdentity();
        foreach ($result-&gt;getMessages() as $message) {
            $status .= &quot;$message&lt;br&gt;\n&quot;;
        }
    }
} else if ($auth-&gt;hasIdentity()) {
    if (isset($_POST[&#039;openid_action&#039;]) &amp;&amp;
        $_POST[&#039;openid_action&#039;] == &quot;logout&quot;) {
        $auth-&gt;clearIdentity();
    } else {
        $status = &quot;You are logged in as &quot; . $auth-&gt;getIdentity() . &quot;&lt;br&gt;\n&quot;;
    }
}
?&gt;
&lt;html&gt;&lt;body&gt;
&lt;?php echo htmlspecialchars($status);?&gt;
&lt;form method=&quot;post&quot;&gt;&lt;fieldset&gt;
&lt;legend&gt;OpenID Login&lt;/legend&gt;
&lt;input type=&quot;text&quot; name=&quot;openid_identifier&quot; value=&quot;&quot;&gt;
&lt;input type=&quot;submit&quot; name=&quot;openid_action&quot; value=&quot;login&quot;&gt;
&lt;input type=&quot;submit&quot; name=&quot;openid_action&quot; value=&quot;logout&quot;&gt;
&lt;/fieldset&gt;&lt;/form&gt;&lt;/body&gt;&lt;/html&gt;
</pre>

        </div>

        <p class="para">
            With <span class="classname">Zend_Auth</span> the end-user&#039;s identity is saved in the
            session&#039;s data. It may be checked with <span class="classname">Zend_Auth::hasIdentity</span>
            and <span class="classname">Zend_Auth::getIdentity</span>.
        </p>
    </div>

    <div class="section" id="zend.openid.consumer.mvc"><div class="info"><h1 class="title">Integration with Zend_Controller</h1></div>
        

        <p class="para">
            Finally a couple of words about integration into
            Model-View-Controller applications: such Zend Framework applications are
            implemented using the <span class="classname">Zend_Controller</span> class and they use
            objects of the <span class="classname">Zend_Controller_Response_Http</span> class to prepare
            <acronym class="acronym">HTTP</acronym> responses and send them back to the user&#039;s web browser.
        </p>

        <p class="para">
            <span class="classname">Zend_OpenId_Consumer</span> doesn&#039;t provide any GUI
            capabilities but it performs <acronym class="acronym">HTTP</acronym> redirections on success of
            <span class="classname">Zend_OpenId_Consumer::login</span> and
            <span class="classname">Zend_OpenId_Consumer::check</span>. These redirections may work
            incorrectly or not at all if some data was already sent to the web browser. To
            properly perform <acronym class="acronym">HTTP</acronym> redirection in <acronym class="acronym">MVC</acronym> code the
            real <span class="classname">Zend_Controller_Response_Http</span> should be sent to
            <span class="classname">Zend_OpenId_Consumer::login</span> or
            <span class="classname">Zend_OpenId_Consumer::check</span> as the last argument.
        </p>
    </div>
</div>
        <hr />

            <table width="100%">
                <tr>
                    <td width="25%" style="text-align: left;">
                    <a href="zend.openid.introduction.html">Introduction</a>
                    </td>

                    <td width="50%" style="text-align: center;">
                        <div class="up"><span class="up"><a href="zend.openid.html">Zend_OpenId</a></span><br />
                        <span class="home"><a href="manual.html">Programmer's Reference Guide</a></span></div>
                    </td>

                    <td width="25%" style="text-align: right;">
                        <div class="next" style="text-align: right; float: right;"><a href="zend.openid.provider.html">Zend_OpenId_Provider</a></div>
                    </td>
                </tr>
            </table>
</td>
        <td style="font-size: smaller;" width="15%"> <style type="text/css">
#leftbar {
	float: left;
	width: 186px;
	padding: 5px;
	font-size: smaller;
}
ul.toc {
	margin: 0px 5px 5px 5px;
	padding: 0px;
}
ul.toc li {
	font-size: 85%;
	margin: 1px 0 1px 1px;
	padding: 1px 0 1px 11px;
	list-style-type: none;
	background-repeat: no-repeat;
	background-position: center left;
}
ul.toc li.header {
	font-size: 115%;
	padding: 5px 0px 5px 11px;
	border-bottom: 1px solid #cccccc;
	margin-bottom: 5px;
}
ul.toc li.active {
	font-weight: bold;
}
ul.toc li a {
	text-decoration: none;
}
ul.toc li a:hover {
	text-decoration: underline;
}
</style>
 <ul class="toc">
  <li class="header home"><a href="manual.html">Programmer's Reference Guide</a></li>
  <li class="header up"><a href="manual.html">Programmer's Reference Guide</a></li>
  <li class="header up"><a href="reference.html">Zend Framework Reference</a></li>
  <li class="header up"><a href="zend.openid.html">Zend_OpenId</a></li>
  <li><a href="zend.openid.introduction.html">Introduction</a></li>
  <li class="active"><a href="zend.openid.consumer.html">Zend_OpenId_Consumer Basics</a></li>
  <li><a href="zend.openid.provider.html">Zend_OpenId_Provider</a></li>
 </ul>
 </td>
    </tr>
</table>

<script type="text/javascript" src="../js/shCore.js"></script>
<script type="text/javascript" src="../js/shAutoloader.js"></script>
<script type="text/javascript" src="../js/main.js"></script>

</body>
</html>